Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- FLT_POSTOP_CALLBACK_STATUS PostCreate(
- __inout PFLT_CALLBACK_DATA Data,
- __in PCFLT_RELATED_OBJECTS FlteObject,
- __in_opt PVOID CompletionContext,
- __in FLT_POST_OPERATION_FLAGS Flags
- ) {
- PHANDLE pH;
- PFILE_OBJECT pFileObject;
- if (!NT_SUCCESS( Data->IoStatus.Status ) ||
- (STATUS_REPARSE == Data->IoStatus.Status)) {
- return FLT_POSTOP_FINISHED_PROCESSING;
- }
- __try{
- __try{
- PEPROCESS callerProcess = IoThreadToProcess(Data->Thread);
- if (pFileObject->Flags == FO_HANDLE_CREATED) {
- NTSTATUS ntstuatus = ObOpenObjectByPointer(callerProcess,
- 0,
- NULL,
- READ_CONTROL,
- NULL,
- KernelMode,
- pH); }
- finally{
- if (!NT_SUCCESS(ntstatus)) {
- return STATUS_ACCESS_DENIED; }
- }
- }
- }
- HANDLE hProcess = pH;
- DWORD WINAPI pID = GetProcessId(pH);
- (VOID) pidListUser(pID, *list);
- return FLT_POSTOP_FINISHED_PROCESSING;
- }
Add Comment
Please, Sign In to add comment
